Bugtraq ID: 75999Class: Input Validation Error
CVE: CVE-2015-1331
Remote: No
Local: Yes
Author: Roman Fiedler (Austrian Institute of Technology)

SUMMARY

An attacker can use readily available commands and tools to exploit this issue.

VULNERABILITY DESCRIPTION

LXC is prone to a local directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

A local attacker could exploit this vulnerability using directory-traversal characters (‘../’) to arbitrary file as the root user.

VULNERABLE VERSIONS

• Debian Linux 6.0 sparc
• Debian Linux 6.0 s/390
• Debian Linux 6.0 powerpc
• Debian Linux 6.0 mips
• Debian Linux 6.0 ia-64
• Debian Linux 6.0 ia-32
• Debian Linux 6.0 arm
• Debian Linux 6.0 amd64

Mitigation

Updates are available. Please see the references or vendor advisory for more information.

References

• NVD – CVE-2015-1331